Taking the 49% figure for granted, there is 49% of hundreds of millions (or [puts pinky by lips] "billions?") of dollars at stake in the way the Academy releases movies to screeners.
Why don't the MPAA and the Oscar people hire private jets to take groups of screeners every weekend to a special [secure] theater in Los Angeles where they sit in leather couches and drink wine and eat caviar while they watch a bunch of noninated movies in a category in glorious and gluttonous comfort, then take them out to a designer restaurant, and then put them up in a $500/night five-star hotel? Total tab per person - $10000. 3000 screeners -> $30,000,000. Wow, look, it's not a watch-movies-with-the-barbarians inconvenience anymore - it's a privilege to be a screener.
Or, how difficult would it be to add some loss during any part of a distributed two-hour movie (i.e. color, bluriness, sound, distortion, watermark) that is unique to each and every distributed disc? When pirate disk hits the market, you look for the loss or signature for the content or areas of the film that were cut out and then prosecute the violating screener(s) for all that they are worth? Let's say that you need a bunch of equipment and some trustworthy expert staff to make it work - total cost $2,000,000 per year. Stopping screener piracy through accountability - priceless.
Lame! I can only assume that they have no interest in solving the problem - just punishing everyone for the acts of a few.
-ez
PS: Sorry about the flip-flops. It's about time I got some new ones.;^)
Talk about SPAM; he's absolutely not neutral. Talk about things he needs to do to fix BIND when Verisign breaks DNS behavior; he works to find a solution that his customers are looking for. Talk about what you need to do to run root nameserver; he's a neutral servant to the Internet.
ICANN should "do something". It's in their mandate to do something, not Paul's.
ICANN:Internet:Verisign:: UN:US:Iraq
If ICANN doesn't act, the Internet can/should move unilaterally against Verisign, and ICANN is (again) weakened. If ICANN acts, ICANN has the support of the Internet. The case for the Internet against Verisign isn't absolutely lear yet, but Internet intelligence suggests that Verisign has used weapons of mass destruction ("*").
One bad effect from the Verisign infection is that many bogus mailers are no longer bogus. Example:
From: spammer@ferewrf.com
To: You
Subject: Herbal supplement
Some spam filters would use DNS to notice that ferewrf.com. is a bogus mail server (no MX, no A), and therefore reject the mail for forging the sender. Well, now ferewrf.com..com has an A record pointing to 64.94.110.11, so it's now a "valid" mail server.
Doh!!!
We gotta get those resolvers to fail on requests to bogus domains.
A wise friend pointed out to me that Verisign owns all of those *.GTLD-SERVERS.NET servers, so they could theoretically pop this record onto any/all of those servers, and it's hard to boycot all of the Verisign-monopoly COM/NET servers because we need to query them to get valid COM/NET answers. Mod my last post -1 Clueless. It's not _the_ solution, but it might work temporarily until Verisign changes who is serving the global record.
One could change resolver software to detect when there's a bogus response. The logic might look as follows:
If QueryType="A" and Answer="64.94.110.11"
Then Respond(SERVFAIL);
or
If QueryType="A" and Member(Answer, *BogusList)
Then Respond(SERVFAIL);
I think DJBDNS's query.c could be one spot. People working on BIND might have a solution, too.
At my last check, only the "a", "c", and "d" COM servers are serving the global A record for *.COM.
I am removing those broken nameservers from my root zone hints at all of the places that I administer. Hopefully enough root servers will remain clean of this aborration to keep up a good level of service.
I encourage others everywhere to do the same and ask their ISPs follow suit. If you don't play fairly with the public trust, the public should stop trusting you.
If Verisign can hijack *.COM and *.NET, what is to keep resolving ISPs from hijacking unused domains at the resolver level to suit their own purposes?
Where was the RFC on this practice? It would never have passed peer review.
-- Eric Ziegast Former TLD administrator. Former hostmaster at a major ISP.
Martians concerned over Russian nuke plans (October 5th, 2006)
Rocky Canyon, MARS - Local residents plan to block Russian efforts to build nuclear power plants on Mars. Fearing potential health risks from nuclear accidents and what they claim to be a spotty safety record from Russians, representatives of a coalition of Martian leaders plan to raise awareness of the issues and protect or attempt to block the Russian plans. "Not in my back yard!" claims local long-time resident Marvin the Martian, "We do not want an Earth-shattering kaboom on our planet. We have no demodulator for nuclear waste."
Local retiree, Flash Gordon, points out that other environmentally sound energy alternatives are available like geothermal and solar energy. "I don't understand why we should be the dumping ground for Earth's waste. I'm also concerned about their need to use what little water we have to cool their power plants. It sounds like a bad idea to me."
Russia's Nuclear Energy Ministry plans to send a delegation to the planet in 2010 to hold a series of public hearings and town meetings on the matter. "We hope that once the great people of Mars learn the facts about our advances in safety of nuclear energy, that they will welcome a new cheaper source of energy," informed Dr. Strangelove, interim leader of the earth-based planning and research committee. The spotty record of Terran nuclear safety is well known to Martians, including the well-known 20th century Chernobyl and Three Mile Island accidents and the San Onofre security incident last year.
Total Recall star and former California Govenor Arnold Schwarzenegger is rumored to be an investor in the contruction company contracted by the Russian agency to develop the terra-forming technology required to build the power plant. When asked about his links between his commercial investments and campaign contributions to Russian elected officials, he withheld comment.
Mars and Earth are seperated by millions of miles, both literally and apparently in viewpoints about the nuclear project. We look forward to seeing if they can come closer together on this issue.
An article says that Microsoft averted the distributed denial of service attack effects of the virus...
Key quote: The attack was apparently an attempt to cripple the site and make it more difficult for users to protect their computers against the Blaster worm. But Microsoft on Friday changed the way it routes computers to the site, averting the attack.
Take a look how they did it:
windowsupdate.microsoft.com.
IN CNAME windowsupdate.microsoft.com.edgesuite.net.
wind owsupdate.microsoft.com.edgesuite.net.
IN CNAME a822.cd.akamai.net.
While larege web sites normall use Akamai's services to serve static content (images/media/text) to the world on a massive scale (thousands of servers, gigabits/second of traffic), they leveraged their infrastructure to implement what I call the "Save Your Ass" DDoS protection product. They use their farms of web servers as reverse proxy cache web servers for your web site. The servers would forward legitimate dynamic requests to your web server and serve cached images directly. Since SYN floods aren't valid requests, they'd get dropped at Akamai. Microsoft would deal with only a normal amount of traffic.
Akamai kicks butt (used them myself, and their competitors, too), but Akamai is expensive - once quoted at $1000/Mbps a couple years ago. Even if Microsoft's Windows Update service still works properly, they now have real monetary damages due to a security flaw because they now have to pay Akamai for service.
Interesting note: Akamai is/was mostly Linux-powered. So are Microsoft OS clients talking through Linux boxes to get to Microsft?
Linux saves Microsoft - news at 11.
-ez
Karma - Whore (based on your use of Anonymous Coward when posting garbage)
Call this flamebait or troll, but we don't need no stinkin' supercomputers!
The primary uses of supercomputers that I've read about are to perform simulations of real-world phenomena. It might be possible to contruct circuitry that makes a computer more efficient at a series of specialized computing tasks. It's arguably more efficient to not use supercomputers.
(DANGER - intentional lack of sentitivity below)
Examples:
1. Genomic research - inject experimental drugs into real-live humans. If a higher percentage live or improve, great. If not, the world has too many people anyway. Mutants rule!
2. Nuclear simulations - find a large desert or remote tropical island and nuke it. For studies of effects of radiation on humans - see 1.
3. Weather prediction - use a desktop computer and a weatherman's intuition to give 80% accuracy for what's reported. If your weatherperson is entertaining or easy on the eyes, people won't care about the 20% of the time that they're dead wrong. (Eg: www.nakednews.com)
4. Chess - Watching two people play chess is dull. Watching a person play a computer is dull and pointless. Watching two computers play each other is merely a senseless benchmark test.
5. America's Cup Sailboats - A sailboat is a hole in the water into which you pour money. The faster the sailboat, the faster you pour money into it. Arrrr, matey!
6. SETI - If there's intelligent life out there, it will either take thousands of years for them to reach us (normal sublight travel) or they will arrive here faster than any of their radio signals ever will. Let future generations tackle the problem when we can use orbital or lunar radio telescopes after we solve our own problems on Earth.
7. Cryptography - Social engineering is the most effective breaker of computer codes. Never underestimate the power of a wooden stick to extract secret keys from unbreakable coiphers.
8. Energy resource discovery - If it weren't for the damned environmentalists, we wouldn't care about drilling holes wherever the oil companies want to.
9. Video games - Oh wait, this would actually be a great use for a supercomputer. We'll call it the Metaverse or "The Matrix". <drool>
They think webmail is going to be more popular than imap, or pop3 mail boxes.
If Microsoft lets its market share for desktop-based e-mail clients slip, it could be short-sighted.
I use web-based mail at work (iPlanet/SIMS) and web-based mail (Yahoo) at home as my primary mail-reader. I have broadband in both locations and the responsiveness of web-based e-mail conpared to desktop e-mail clients is negligible.
My work-at-home CEO has satellite at home. He can't use the web-based product because the interactive sluggishness from delay and packet loss would kill his productivity. SSH-tunneled POP works great for him because his local e-mail client (Outlook) downloads new e-mail in the background and sends messages out in the background while he is composing/reading mail quickly in the foreground.
When I administered e-mail for a dialup ISP, the primary method our users preferred to access their e-mail was POP to Outlook Express or Netscape Messenger. It is painfully slow to browse through e-mail over a dialup connection. There are still millions of dialup users out there. They are the majority of users on the Internet.
If people use wireless devices in the future, their experience will be more similar to dialup/satellite than broadband, and they'll demand a product that isn't web-based-only. Some of the ideas brought to light by Central or similar technologies could satisfy both broadband/fixed and narrowband/mobile users.
Microsoft makes an excellent user interface for e-mail. They're good at that. Their enterprise/corporate customers may continue to pay for it. Other products like M2, Evolution, and Mozilla will help fill the consumer niche if they open it up. If it weren't for Microsoft's early monopoly bundling tactics vs Netscape Navigator (founded on a "beta/intro is free, production version costs money" business model), we might not have nor expect free browser and e-mail software. We're spoiled. If it weren't for security or playform supportissues, more of us Slashdotters might use Outlook Express.
A "few years ago" was the height of Sun's dot com bubble. If you wanted to run Oracle reliably, you bought Sun/Solaris/Sparc servers along with expensive storage hardware. Trying anything else was "risky". Compared to now, Linux was far more experimental. Oracle had just announced it was going to support Linux. Oracle's support for linux helped put companies like RedHat and VA Linux on the map. Early pioneers tried Oracle on Linux and bot burned. It's gotten alot better today now that Oracle doesn't have to keep chasing the moving target of the distribution du jour or kernel of the month to support their customers.
My biggest gripe about implementing Oracle on Linux is installation. Even with a generic RedHat Advanced Server install (one of their "supported" stable platforms), there are problems with with linking libraries or even just using unzip that just don't seem to make sense (should have been caught in QA). If you don't use their blessed commercial Linux OS distributions, you won't find any suppport from Oracle and scant support from the metalink user community. It helps if you know Unix/Linux enough to debug their shell scripts to figure out what's breaking.
Once we were done installation, our applications and databases ran similar Solaris systems (i.e. knowing how to make patches, managing backups, etc.). Our previously-Sparc-based DBA felt at home using the database tools on Linux. The best part is that our hardware and OS combined cost 25% comparable Sun hardware. We could afford to buy two servers and use the other as a cold backup. If we ever run out of memory, it's dirt cheap to buy more PC DDR SDRAM.
Now that Oracle is reportedly using Linux everywhere, perhaps they'll tune their installation process.
- a sysadmin
Lead the way, and others will follow
on
Replacing SMTP?
·
· Score: 1
If you use a new communication protocol, and if people want to communicate with you, they will follow you.
People used to use UUCP, BITNET, BBSs (including popular ones like Prodigy, GEine, CompuServe), FidoNET, and X.400 to talk with each other. People on one network might even know how to send e-mail to person on another network. There was a short time in the late 1980's when people thought X.400 (messaging) and X.500 (directory services) would glue everyone together. SMTP, though, was mush easier for e-mail software programmers to implement and became the de facto standard when the Internet was commercialized. It was easy for large user communities like CompuServe and AOL to gateway their e-mail using SMTP. It was also easy for cell phone and pager companies to install SMTP gateways for their products.
SMTP is the (current) least common denominator.
New user communities are developing in Instant Mesaging (AIM, MSN IM, Yahoo IM, IRC, Jabber). Why e-mail someone when you can send an Instant Message? Why use an e-mail mailing list when people have easy access to a threaded web-based forum (like SlashDot) or a BLOG? Why send people e-mail invitations when you can use an Evite?
If you give people your instant messaging ID instead of your e-mail address, that's one less person you will need to communicate with via e-mail. If you give people your cell phone number, they'll call you there or e-mail your text messaging feature. If you tell people, "go to myname.myblog.com" and enter a message, they'll do that. They might bookmark the method they'd use to contact you and use it.
Examples of the future might include:
"blog://myblog.com/myname/yourname"
"google://messages&from=myname&to=yourname&date-gt -2003-08-03&pw=password"
"http://im2000.yahoo.com/myname/messageid"
"vtext:212-867-5309"
No one company or standards board is going to be able to define "the new standard" (X.400 proponents tried and failed here). The people themselves will decide what it is (with a little help from commercial online services to make it easy for them to use).
... and the spammers will use the new protocols when the number of users using a new messaging protocol number more than a million. If there are technical ways of defeating spam in new protocols, then they will be more desirable for people to use than other protocols (including SMTP).
Just a thought for those who like to build sick beowulf clusters out of white box PCs...
If you stack the laptops closed side by side, you can fit 20 of them in a width of 19". If the depth of the rack is 30", you can fit 20 on one side and 20 on another. The height would be 5 rack units, but you'd probably need 1U for power/network cabling. You'd also probably want a 1U 48-port ethernet switch and a 1U shelf for a total of 7U. Each laptop comes with its own UPS. Each laptop - sans hard drive - would probably suck about 20W while on - and 15W when in powersave mode. With 40 laptops, that's 6 rack units of 800W with 40GHz of processing power for $32000.
Each box would boot off of a solid state disk (8MB compactflash or 16MB USB thumb drive) with enough smarts to join the cluster.
Power distribution would be the only real challenge, perhaps some parallel DC bus that all laptops suck 12V off of.
Ok, enough of that.
Personally, this could be my next laptop. I've always looked to Transmeta for long-running laptops, but they've always been to consumery/trendy/expensive for me to consider.
Now there's one degree of separation between you and the people we want to kill.
I heard that the Army is changing it ranking system:
Enlisted recruit -> Developer Preview
Private -> 1.0
Corporal -> 1.0 Service Pack 1
Sergeant -> 3.0
Lieutenant -> 2000
Major -> 2003
General -> Longhorn
Commander in Chief -> Nickname: Gates
That's almost 500000 computers all running Windows, folks. With a 20:1 ratio, that's 25000 MCSA jobs. Those certification schools were right! I need to certify today!
In other news...
REDMOND, Wa - Microsoft, now a strategic national security asset, is increasing security around it's Redmond, Washington campus. Now known as "Fort Redmond", a 20 foot wall laced with barbed wire is expected to be built within the year. Local residents are outraged....
We now have new respect for technologies like Windows Terminal Server or GotoMyPC.com combined with Centrino technology. That could be a tank you're logging into.
Overheard during a training exercise: "Sorry, Sarge, I can't find the orders yet. Its mixed in here somewhere with all of this spam.
Another company uses the same concept with more of a specialty for diskless firewall products and wireless. The have good support for OpenBSD/w hardware crypto acceleration as well as Linux and FreeBSD.
When BSDI's BSD/386 was first released, they advertised their phone number - 800-ITS-UNIX - implying indirectly that the operating system was a UNIX derivative. Lawsuits ensued, and instead of trying to prove that UNIX was generic, BSDI just changed the phone number to settle on that count. USL defended the trademark.
That round of lawsuits, though, paved the way for freeing the BSD 4.4 Lite code base to be used by *BSD and Linux operating systems to build their products. Acknowledge the efforts of those people (BSDI and the University of California) when you run your free operating system today.
The trademark had been defended in the past, and Apple can either try to defend their use of "Unix" (like it seems they're doing) or side-step the issue (like BSDI). Sure, there's alot of pollution in the press where journalists mistake a free operating systems for a "Unix-based" operating system or use the term "unix" generically, but the current trademark owners might have a leg to stand upon when it comes to corporate advertising of a product. I can't think of any company that advertised an operating system as "Unix" and got away with it.
Frankly, the term "Unix" has as much stigma to it (expensive, incompatable, hard to administer, not Microsoft) as it does positive (stability, scalability, not Microsoft). Apple could do without using "Unix" in its advertising and continue to market the operating system on its own merits. To fight for use of the "Unix" trademark seems to me to be waste of shareholder money. Is the benefit to Apple worth the expense of fighting the lawsuit?
IANAL; YMMV; yadda yadda yadda
-ez
(*) "Unix" is a trademark of <insert company du jour>.
The advantage of backup to nearline disk is the near-instant access times for restores. You don't have to wait for a tape to load, and the read speed can be 50 megabytes/sec or higher if you use striping (RAID0,0+1,1+0,3,5) with multiple disks.
On the down side, you need to keep spinning a disk in a RAID environment to make sure the data is still good. Drives with one-year warranties aren't designed to sit on a shelf for 5 years and be powered back on. When drives fail, the RAID takes over and rebuilds a spare. You then take out the bad drive and replace it. To protect data, you need to keeps the disks spinning, and that consumes power. With lots of drives, it's lots of power.
One vendor has a hybrid solution that has disks both online and offline emulating a tape library. When disks aren't in use, they spin down. You get the best of both worlds - fast access time and storage that doesn't require power all of the time. It's great for nearline restores, but isn't designed (pricewise) for long-term storage.
In an enterprise world, I see people use SCSI- or FCAL-based SAN/NAS storage with nearline recovery data on IDE farms and long-term archive storage on tape libraries. The software to manage the data can be complicated and/or expensive.
In a budget world, I see people use IDE storage for both active and nearline and archive storage. The only difference between the storage is that the disks on the nearline or archive storage are larger and are used less frequently.
If you have data that gets read frequently after it is backed up or which requires fast recovery times, use nearline disk. If you have data that needs to be archived without any immediate requirements to read it in the near future, use archive tape.
AOL's (and others') mail blocking practices are opportunities to those that see them. The simple solution is that DSL/Cable/Dial customers should use the outbound SMTP server of their ISP. The ISP usually enforces anti-spam rules on their customers to help protect the ISP from being blacklisted. Sometimes that's not good enough for a customer.
Where there's a will, there's someone willing to pay. A consultant can help a business do the right thing. If you have your own SMTP server on the net, you can configure it to forward mail for your clueless client base and charge them money. If they send spam, you charge them enough money through contract law (and having their credit card number handy) to make it painful for them to do so.
... an inside joke for those who have seen the CDW commercial. See Fred's website.
I just started a new job recently. The title "Senior Engineer" seems to be generic enough. My boss, "Directory of Technology", works with all sorts of technology: systems, networking, database, phones, stereo, air conditioning, etc.
I don't want my cell phone company giving out my name/number to a directory. How much do we value having a dedicated phone number for our cell phones mapped into the locality of area codes and prefixes? We don't need it. Much like people use NAT on the Internet, we don't need dedicated telephone numbers for everyone. If a cell phone provider were given a 3-digit identity (###) for every 2-5 million subscribers with their own 7-digit phone numbers (xxx-xxxx):
1. 1-877-700-0### xxx-xxxx - The cell customer pays toll charges if not on a nationwide plan). A mobile phone company might make money letting people use vanity toll free numbers like (87-SLASHDOT) to access their customers.
2. 700-0### xxx-xxxx - Configured from within each LATA.
If I make an outbound call, the caller ID (without extensions to Caller ID) is the 700-0### phone number. If you don't like getting calls from mobile phone users, block it. If I want to have a caller-ID when I call, I can pay my phone company extra money for a random 7-digit number in some area code (think of it like a static IP address).
1. It gives customers more flexibility in choosing their vanity mobile numbers. 2. It helps prevent further area code depletion. 3. It can map well to Internet services (eg: xxxxxxx.###mobile.us). (Make ###mobile.us a reserved name at NIC.US). 4. It gets us out of the locality mindset that the phone companies were found upon and maps better to today's nationwide phone service. It's not just cell phone companies, other virtual phone companies like Vonage (www.vonage.com) are springing up.
I would be a customer of the mobile phone corporation that would not list my information in a public phone company directory. If I want to advertise my number in a directory, I can get my mobile number mapped to a static land line number for the local ILEC to publish in their white pages. Yellow pages are another thing entirely (not an issue).
do you not regard pushing the onus of measuring bandwidth off to your customer an inappropriate one?
I agree. Other projects just happen to be higher on our list right now than real-time bandwidth reports.
Some of the better ISPs give their customers MRTG graphs. Some ISPs even run the data through a program that figures out who is exceeding their quota and starts choking off bandwidth over the period of a month to keep the customer from going over. Web server management tools (Plesk, Ensim, Cobalt) or more-programable rate limiters (OpenBSD/FreeBSD/Linux?) give ISPs more tools to report/manage bandwidth.
I currently work for an ISP that offers shared and dedicated web services. The Terms of Service that the customer signs are pretty explicit about their being responsible for bandwidth usage.
A few notes about charging for bandwidth:
As a hosting provider, we get charged for traffic in the greater of two directions - outbound. We don't normally charge customers for inbound bandwidth.
We rate limit traffic from all servers to 10Mbps as a precaution to protect ourselves. Being a relatively small provider, it is VERY rare that we or a customer of ours runs a server that generates more than 1-2 MBps of traffic. Everyone has a 10/100 port though, so the potential for a customer (or a customer's hacked machine) to do damage is possible. If someone wants the rate limit removed, we warn them again that they are responsible for their traffic.
We offer rate limiting to our customers if they are afraid about bandwidth costs. This might normally be a 1.5x the rate they're normally budgeting each month. Many customers find that rate limiting makes their site too slow, but riding a bike with training wheels is slow too (but you're less likely to fall down).
We charge by GigaBytes per mo. It's easy to track in web logs and packet counters and customers can write scripts to monitor how much they've used during the month and take appropriate steps toward teh end of the month. This amounts to our charging for average (50th percentile) pricing. We charge enough so that even if they spiked at twice their average, we wouldn't lose money on our bandwidth costs. On average, though, we make money.
If a customer doesn't pay, we shut them off and can take them to small claims court based on the TOS agreement.
These are some of the steps we use to protect ourselves and our customers. Your milage may vary.
(We use packeteer for rate limiting, but I keep eyeballing OpenBSD/AltQ/PF for both rate limiting and firewalling for our customers).
Slashdot Mirror
Taking the 49% figure for granted, there is 49% of hundreds of millions (or [puts pinky by lips] "billions?") of dollars at stake in the way the Academy releases movies to screeners.
;^)
Why don't the MPAA and the Oscar people hire private jets to take groups of screeners every weekend to a special [secure] theater in Los Angeles where they sit in leather couches and drink wine and eat caviar while they watch a bunch of noninated movies in a category in glorious and gluttonous comfort, then take them out to a designer restaurant, and then put them up in a $500/night five-star hotel? Total tab per person - $10000. 3000 screeners -> $30,000,000. Wow, look, it's not a watch-movies-with-the-barbarians inconvenience anymore - it's a privilege to be a screener.
Or, how difficult would it be to add some loss during any part of a distributed two-hour movie (i.e. color, bluriness, sound, distortion, watermark) that is unique to each and every distributed disc? When pirate disk hits the market, you look for the loss or signature for the content or areas of the film that were cut out and then prosecute the violating screener(s) for all that they are worth? Let's say that you need a bunch of equipment and some trustworthy expert staff to make it work - total cost $2,000,000 per year. Stopping screener piracy through accountability - priceless.
Lame! I can only assume that they have no interest in solving the problem - just punishing everyone for the acts of a few.
-ez
PS: Sorry about the flip-flops. It's about time I got some new ones.
.... news at 11!
If you do a Google Search for "death of the internet predicted", it returns over 533000 results. Now we add some more.
-ez
I can't wait to see this published by the GTLD servers:
*.com. IN TXT "spf=deny"
*.net. IN TXT "spf=deny"
-ez
He wears multiple hats.
:: UN:US:Iraq
Talk about SPAM; he's absolutely not neutral. Talk about things he needs to do to fix BIND when Verisign breaks DNS behavior; he works to find a solution that his customers are looking for. Talk about what you need to do to run root nameserver; he's a neutral servant to the Internet.
ICANN should "do something". It's in their mandate to do something, not Paul's.
ICANN:Internet:Verisign
If ICANN doesn't act, the Internet can/should move unilaterally against Verisign, and ICANN is (again) weakened. If ICANN acts, ICANN has the support of the Internet. The case for the Internet against Verisign isn't absolutely lear yet, but Internet intelligence suggests that Verisign has used weapons of mass destruction ("*").
-ez
FanOfPaul
A better patch can be found here.
--
Eric Ziegast
A quick hack for DJBDNS's dnscache to refuse to comply:
/* Bad return value includes 64.94.110.11 */
# diff -c query.c.bak query.c
*** query.c.bak 2003-09-15 22:55:38.000000000 -0700
--- query.c 2003-09-15 23:57:36.000000000 -0700
***************
*** 643,648 ****
--- 643,650 ----
pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
if (byte_equal(header + 8,2,"\0\4")) {
pos = dns_packet_copy(buf,len,pos,header,4); if (!pos) goto DIE;
+
+ if (byte_equal(header,4,"\100\136\156\13")) goto SERVFAIL;
save_data(header,4);
log_rr(whichserver,t1,DNS_T_A,header,4,ttl);
}
A better program might preload a list of addresses from a file.
One bad effect from the Verisign infection is that many bogus mailers are no longer bogus. Example:
From: spammer@ferewrf.com
To: You
Subject: Herbal supplement
Some spam filters would use DNS to notice that ferewrf.com. is a bogus mail server (no MX, no A), and therefore reject the mail for forging the sender. Well, now ferewrf.com..com has an A record pointing to 64.94.110.11, so it's now a "valid" mail server.
Doh!!!
We gotta get those resolvers to fail on requests to bogus domains.
A wise friend pointed out to me that Verisign owns all of those *.GTLD-SERVERS.NET servers, so they could theoretically pop this record onto any/all of those servers, and it's hard to boycot all of the Verisign-monopoly COM/NET servers because we need to query them to get valid COM/NET answers. Mod my last post -1 Clueless. It's not _the_ solution, but it might work temporarily until Verisign changes who is serving the global record.
One could change resolver software to detect when there's a bogus response. The logic might look as follows:
If QueryType="A" and Answer="64.94.110.11"
Then Respond(SERVFAIL);
or
If QueryType="A" and Member(Answer, *BogusList)
Then Respond(SERVFAIL);
I think DJBDNS's query.c could be one spot. People working on BIND might have a solution, too.
--
Eric Ziegast
www.lookingtoescapeverisign.tv
At my last check, only the "a", "c", and "d" COM servers are serving the global A record for *.COM.
I am removing those broken nameservers from my root zone hints at all of the places that I administer. Hopefully enough root servers will remain clean of this aborration to keep up a good level of service.
I encourage others everywhere to do the same and ask their ISPs follow suit. If you don't play fairly with the public trust, the public should stop trusting you.
If Verisign can hijack *.COM and *.NET, what is to keep resolving ISPs from hijacking unused domains at the resolver level to suit their own purposes?
Where was the RFC on this practice? It would never have passed peer review.
--
Eric Ziegast
Former TLD administrator.
Former hostmaster at a major ISP.
Martians concerned over Russian nuke plans (October 5th, 2006)
Rocky Canyon, MARS - Local residents plan to block Russian efforts to build nuclear power plants on Mars. Fearing potential health risks from nuclear accidents and what they claim to be a spotty safety record from Russians, representatives of a coalition of Martian leaders plan to raise awareness of the issues and protect or attempt to block the Russian plans. "Not in my back yard!" claims local long-time resident Marvin the Martian, "We do not want an Earth-shattering kaboom on our planet. We have no demodulator for nuclear waste."
Local retiree, Flash Gordon, points out that other environmentally sound energy alternatives are available like geothermal and solar energy. "I don't understand why we should be the dumping ground for Earth's waste. I'm also concerned about their need to use what little water we have to cool their power plants. It sounds like a bad idea to me."
Russia's Nuclear Energy Ministry plans to send a delegation to the planet in 2010 to hold a series of public hearings and town meetings on the matter. "We hope that once the great people of Mars learn the facts about our advances in safety of nuclear energy, that they will welcome a new cheaper source of energy," informed Dr. Strangelove, interim leader of the earth-based planning and research committee. The spotty record of Terran nuclear safety is well known to Martians, including the well-known 20th century Chernobyl and Three Mile Island accidents and the San Onofre security incident last year.
Total Recall star and former California Govenor Arnold Schwarzenegger is rumored to be an investor in the contruction company contracted by the Russian agency to develop the terra-forming technology required to build the power plant. When asked about his links between his commercial investments and campaign contributions to Russian elected officials, he withheld comment.
Mars and Earth are seperated by millions of miles, both literally and apparently in viewpoints about the nuclear project. We look forward to seeing if they can come closer together on this issue.
Key quote:
The attack was apparently an attempt to cripple the site and make it more difficult for users to protect their computers against the Blaster worm. But Microsoft on Friday changed the way it routes computers to the site, averting the attack.
Take a look how they did it:While larege web sites normall use Akamai's services to serve static content (images/media/text) to the world on a massive scale (thousands of servers, gigabits/second of traffic), they leveraged their infrastructure to implement what I call the "Save Your Ass" DDoS protection product. They use their farms of web servers as reverse proxy cache web servers for your web site. The servers would forward legitimate dynamic requests to your web server and serve cached images directly. Since SYN floods aren't valid requests, they'd get dropped at Akamai. Microsoft would deal with only a normal amount of traffic.
Akamai kicks butt (used them myself, and their competitors, too), but Akamai is expensive - once quoted at $1000/Mbps a couple years ago. Even if Microsoft's Windows Update service still works properly, they now have real monetary damages due to a security flaw because they now have to pay Akamai for service.
Interesting note: Akamai is/was mostly Linux-powered. So are Microsoft OS clients talking through Linux boxes to get to Microsft?
Linux saves Microsoft - news at 11.
-ez
Karma - Whore (based on your use of Anonymous Coward when posting garbage)
Call this flamebait or troll, but we don't need no stinkin' supercomputers!
The primary uses of supercomputers that I've read about are to perform simulations of real-world phenomena. It might be possible to contruct circuitry that makes a computer more efficient at a series of specialized computing tasks. It's arguably more efficient to not use supercomputers.
(DANGER - intentional lack of sentitivity below)
Examples:
1. Genomic research - inject experimental drugs into real-live humans. If a higher percentage live or improve, great. If not, the world has too many people anyway. Mutants rule!
2. Nuclear simulations - find a large desert or remote tropical island and nuke it. For studies of effects of radiation on humans - see 1.
3. Weather prediction - use a desktop computer and a weatherman's intuition to give 80% accuracy for what's reported. If your weatherperson is entertaining or easy on the eyes, people won't care about the 20% of the time that they're dead wrong. (Eg: www.nakednews.com)
4. Chess - Watching two people play chess is dull. Watching a person play a computer is dull and pointless. Watching two computers play each other is merely a senseless benchmark test.
5. America's Cup Sailboats - A sailboat is a hole in the water into which you pour money. The faster the sailboat, the faster you pour money into it. Arrrr, matey!
6. SETI - If there's intelligent life out there, it will either take thousands of years for them to reach us (normal sublight travel) or they will arrive here faster than any of their radio signals ever will. Let future generations tackle the problem when we can use orbital or lunar radio telescopes after we solve our own problems on Earth.
7. Cryptography - Social engineering is the most effective breaker of computer codes. Never underestimate the power of a wooden stick to extract secret keys from unbreakable coiphers.
8. Energy resource discovery - If it weren't for the damned environmentalists, we wouldn't care about drilling holes wherever the oil companies want to.
9. Video games - Oh wait, this would actually be a great use for a supercomputer. We'll call it the Metaverse or "The Matrix". <drool>
I'm insensitive, you insensitive clod!
They think webmail is going to be more popular than imap, or pop3 mail boxes.
If Microsoft lets its market share for desktop-based e-mail clients slip, it could be short-sighted.
I use web-based mail at work (iPlanet/SIMS) and web-based mail (Yahoo) at home as my primary mail-reader. I have broadband in both locations and the responsiveness of web-based e-mail conpared to desktop e-mail clients is negligible.
My work-at-home CEO has satellite at home. He can't use the web-based product because the interactive sluggishness from delay and packet loss would kill his productivity. SSH-tunneled POP works great for him because his local e-mail client (Outlook) downloads new e-mail in the background and sends messages out in the background while he is composing/reading mail quickly in the foreground.
When I administered e-mail for a dialup ISP, the primary method our users preferred to access their e-mail was POP to Outlook Express or Netscape Messenger. It is painfully slow to browse through e-mail over a dialup connection. There are still millions of dialup users out there. They are the majority of users on the Internet.
If people use wireless devices in the future, their experience will be more similar to dialup/satellite than broadband, and they'll demand a product that isn't web-based-only. Some of the ideas brought to light by Central or similar technologies could satisfy both broadband/fixed and narrowband/mobile users.
Microsoft makes an excellent user interface for e-mail. They're good at that. Their enterprise/corporate customers may continue to pay for it. Other products like M2, Evolution, and Mozilla will help fill the consumer niche if they open it up. If it weren't for Microsoft's early monopoly bundling tactics vs Netscape Navigator (founded on a "beta/intro is free, production version costs money" business model), we might not have nor expect free browser and e-mail software. We're spoiled. If it weren't for security or playform supportissues, more of us Slashdotters might use Outlook Express.
-ez
PS: I lied. My primary mail reader is MH.
Have things changed?
A "few years ago" was the height of Sun's dot com bubble. If you wanted to run Oracle reliably, you bought Sun/Solaris/Sparc servers along with expensive storage hardware. Trying anything else was "risky". Compared to now, Linux was far more experimental. Oracle had just announced it was going to support Linux. Oracle's support for linux helped put companies like RedHat and VA Linux on the map. Early pioneers tried Oracle on Linux and bot burned. It's gotten alot better today now that Oracle doesn't have to keep chasing the moving target of the distribution du jour or kernel of the month to support their customers.
My biggest gripe about implementing Oracle on Linux is installation. Even with a generic RedHat Advanced Server install (one of their "supported" stable platforms), there are problems with with linking libraries or even just using unzip that just don't seem to make sense (should have been caught in QA). If you don't use their blessed commercial Linux OS distributions, you won't find any suppport from Oracle and scant support from the metalink user community. It helps if you know Unix/Linux enough to debug their shell scripts to figure out what's breaking.
Once we were done installation, our applications and databases ran similar Solaris systems (i.e. knowing how to make patches, managing backups, etc.). Our previously-Sparc-based DBA felt at home using the database tools on Linux. The best part is that our hardware and OS combined cost 25% comparable Sun hardware. We could afford to buy two servers and use the other as a cold backup. If we ever run out of memory, it's dirt cheap to buy more PC DDR SDRAM.
Now that Oracle is reportedly using Linux everywhere, perhaps they'll tune their installation process.
- a sysadmin
People used to use UUCP, BITNET, BBSs (including popular ones like Prodigy, GEine, CompuServe), FidoNET, and X.400 to talk with each other. People on one network might even know how to send e-mail to person on another network. There was a short time in the late 1980's when people thought X.400 (messaging) and X.500 (directory services) would glue everyone together. SMTP, though, was mush easier for e-mail software programmers to implement and became the de facto standard when the Internet was commercialized. It was easy for large user communities like CompuServe and AOL to gateway their e-mail using SMTP. It was also easy for cell phone and pager companies to install SMTP gateways for their products.
SMTP is the (current) least common denominator.
New user communities are developing in Instant Mesaging (AIM, MSN IM, Yahoo IM, IRC, Jabber). Why e-mail someone when you can send an Instant Message? Why use an e-mail mailing list when people have easy access to a threaded web-based forum (like SlashDot) or a BLOG? Why send people e-mail invitations when you can use an Evite?
If you give people your instant messaging ID instead of your e-mail address, that's one less person you will need to communicate with via e-mail. If you give people your cell phone number, they'll call you there or e-mail your text messaging feature. If you tell people, "go to myname.myblog.com" and enter a message, they'll do that. They might bookmark the method they'd use to contact you and use it.
Examples of the future might include:
"blog://myblog.com/myname/yourname"
"google://messages&from=myname&to=yourname&date-g
"http://im2000.yahoo.com/myname/messageid"
"vtext:212-867-5309"
No one company or standards board is going to be able to define "the new standard" (X.400 proponents tried and failed here). The people themselves will decide what it is (with a little help from commercial online services to make it easy for them to use).
... and the spammers will use the new protocols when the number of users using a new messaging protocol number more than a million. If there are technical ways of defeating spam in new protocols, then they will be more desirable for people to use than other protocols (including SMTP).
...!uunet!ziegast)
YIM://ez_sd
(aka
(aka ziegast@umdd.BITNET)
Just a thought for those who like to build sick beowulf clusters out of white box PCs...
If you stack the laptops closed side by side, you can fit 20 of them in a width of 19". If the depth of the rack is 30", you can fit 20 on one side and 20 on another. The height would be 5 rack units, but you'd probably need 1U for power/network cabling. You'd also probably want a 1U 48-port ethernet switch and a 1U shelf for a total of 7U. Each laptop comes with its own UPS. Each laptop - sans hard drive - would probably suck about 20W while on - and 15W when in powersave mode. With 40 laptops, that's 6 rack units of 800W with 40GHz of processing power for $32000.
Each box would boot off of a solid state disk (8MB compactflash or 16MB USB thumb drive) with enough smarts to join the cluster.
Power distribution would be the only real challenge, perhaps some parallel DC bus that all laptops suck 12V off of.
Ok, enough of that.
Personally, this could be my next laptop. I've always looked to Transmeta for long-running laptops, but they've always been to consumery/trendy/expensive for me to consider.
Out: I am an Army of one.
In: You will be assimilated.
New
Now there's one degree of separation between you and the people we want to kill.
I heard that the Army is changing it ranking system:
Enlisted recruit -> Developer Preview
Private -> 1.0
Corporal -> 1.0 Service Pack 1
Sergeant -> 3.0
Lieutenant -> 2000
Major -> 2003
General -> Longhorn
Commander in Chief -> Nickname: Gates
That's almost 500000 computers all running Windows, folks. With a 20:1 ratio, that's 25000 MCSA jobs. Those certification schools were right! I need to certify today!
In other news...
REDMOND, Wa - Microsoft, now a strategic national security asset, is increasing security around it's Redmond, Washington campus. Now known as "Fort Redmond", a 20 foot wall laced with barbed wire is expected to be built within the year. Local residents are outraged....
We now have new respect for technologies like Windows Terminal Server or GotoMyPC.com combined with Centrino technology. That could be a tank you're logging into.
Overheard during a training exercise:
"Sorry, Sarge, I can't find the orders yet. Its mixed in here somewhere with all of this spam.
Enough already!
Another company uses the same concept with more of a specialty for diskless firewall products and wireless. The have good support for OpenBSD /w hardware crypto acceleration as well as Linux and FreeBSD.
http://soekris.com/
-ez
Anyone with ADHD won't be patient enough to read the answers we post.
Karma: Whore (mostly due to picking easily-modded topics to reply).
-ez
When BSDI's BSD/386 was first released, they advertised their phone number - 800-ITS-UNIX - implying indirectly that the operating system was a UNIX derivative. Lawsuits ensued, and instead of trying to prove that UNIX was generic, BSDI just changed the phone number to settle on that count. USL defended the trademark.
That round of lawsuits, though, paved the way for freeing the BSD 4.4 Lite code base to be used by *BSD and Linux operating systems to build their products. Acknowledge the efforts of those people (BSDI and the University of California) when you run your free operating system today.
The trademark had been defended in the past, and Apple can either try to defend their use of "Unix" (like it seems they're doing) or side-step the issue (like BSDI). Sure, there's alot of pollution in the press where journalists mistake a free operating systems for a "Unix-based" operating system or use the term "unix" generically, but the current trademark owners might have a leg to stand upon when it comes to corporate advertising of a product. I can't think of any company that advertised an operating system as "Unix" and got away with it.
Frankly, the term "Unix" has as much stigma to it (expensive, incompatable, hard to administer, not Microsoft) as it does positive (stability, scalability, not Microsoft). Apple could do without using "Unix" in its advertising and continue to market the operating system on its own merits. To fight for use of the "Unix" trademark seems to me to be waste of shareholder money. Is the benefit to Apple worth the expense of fighting the lawsuit?
IANAL; YMMV; yadda yadda yadda
-ez
(*) "Unix" is a trademark of <insert company du jour>.
The advantage of backup to nearline disk is the near-instant access times for restores. You don't have to wait for a tape to load, and the read speed can be 50 megabytes/sec or higher if you use striping (RAID0,0+1,1+0,3,5) with multiple disks.
On the down side, you need to keep spinning a disk in a RAID environment to make sure the data is still good. Drives with one-year warranties aren't designed to sit on a shelf for 5 years and be powered back on. When drives fail, the RAID takes over and rebuilds a spare. You then take out the bad drive and replace it. To protect data, you need to keeps the disks spinning, and that consumes power. With lots of drives, it's lots of power.
One vendor has a hybrid solution that has disks both online and offline emulating a tape library. When disks aren't in use, they spin down. You get the best of both worlds - fast access time and storage that doesn't require power all of the time. It's great for nearline restores, but isn't designed (pricewise) for long-term storage.
In an enterprise world, I see people use SCSI- or FCAL-based SAN/NAS storage with nearline recovery data on IDE farms and long-term archive storage on tape libraries. The software to manage the data can be complicated and/or expensive.
In a budget world, I see people use IDE storage for both active and nearline and archive storage. The only difference between the storage is that the disks on the nearline or archive storage are larger and are used less frequently.
If you have data that gets read frequently after it is backed up or which requires fast recovery times, use nearline disk. If you have data that needs to be archived without any immediate requirements to read it in the near future, use archive tape.
-ez
AOL's (and others') mail blocking practices are opportunities to those that see them. The simple solution is that DSL/Cable/Dial customers should use the outbound SMTP server of their ISP. The ISP usually enforces anti-spam rules on their customers to help protect the ISP from being blacklisted. Sometimes that's not good enough for a customer.
Where there's a will, there's someone willing to pay. A consultant can help a business do the right thing. If you have your own SMTP server on the net, you can configure it to forward mail for your clueless client base and charge them money. If they send spam, you charge them enough money through contract law (and having their credit card number handy) to make it painful for them to do so.
-ez
Spam fighter
... an inside joke for those who have seen the CDW commercial. See Fred's website.
I just started a new job recently. The title "Senior Engineer" seems to be generic enough. My boss, "Directory of Technology", works with all sorts of technology: systems, networking, database, phones, stereo, air conditioning, etc.
I don't want my cell phone company giving out my name/number to a directory. How much do we value having a dedicated phone number for our cell phones mapped into the locality of area codes and prefixes? We don't need it. Much like people use NAT on the Internet, we don't need dedicated telephone numbers for everyone. If a cell phone provider were given a 3-digit identity (###) for every 2-5 million subscribers with their own 7-digit phone numbers (xxx-xxxx):
1. 1-877-700-0### xxx-xxxx - The cell customer pays toll charges if not on a nationwide plan). A mobile phone company might make money letting people use vanity toll free numbers like (87-SLASHDOT) to access their customers.
2. 700-0### xxx-xxxx - Configured from within each LATA.
If I make an outbound call, the caller ID (without extensions to Caller ID) is the 700-0### phone number. If you don't like getting calls from mobile phone users, block it. If I want to have a caller-ID when I call, I can pay my phone company extra money for a random 7-digit number in some area code (think of it like a static IP address).
1. It gives customers more flexibility in choosing their vanity mobile numbers.
2. It helps prevent further area code depletion.
3. It can map well to Internet services (eg: xxxxxxx.###mobile.us). (Make ###mobile.us a reserved name at NIC.US).
4. It gets us out of the locality mindset that the phone companies were found upon and maps better to today's nationwide phone service. It's not just cell phone companies, other virtual phone companies like Vonage (www.vonage.com) are springing up.
I would be a customer of the mobile phone corporation that would not list my information in a public phone company directory. If I want to advertise my number in a directory, I can get my mobile number mapped to a static land line number for the local ILEC to publish in their white pages. Yellow pages are another thing entirely (not an issue).
-ez
8 6 7 - 5 3 0 niiiiiinnne
do you not regard pushing the onus of measuring bandwidth off to your customer an inappropriate one?
I agree. Other projects just happen to be higher on our list right now than real-time bandwidth reports.
Some of the better ISPs give their customers MRTG graphs. Some ISPs even run the data through a program that figures out who is exceeding their quota and starts choking off bandwidth over the period of a month to keep the customer from going over. Web server management tools (Plesk, Ensim, Cobalt) or more-programable rate limiters (OpenBSD/FreeBSD/Linux?) give ISPs more tools to report/manage bandwidth.
A few notes about charging for bandwidth:
These are some of the steps we use to protect ourselves and our customers. Your milage may vary.
(We use packeteer for rate limiting, but I keep eyeballing OpenBSD/AltQ/PF for both rate limiting and firewalling for our customers).